Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-08-27 | Firewall: T4651: Add options to match packet size on firewall rules. | Nicolas Fort | |
2022-08-18 | firewall: T4622: Add TCP MSS option | Viacheslav Hletenko | |
Ability to drop|accept packets based on TCP MSS size set firewall name <tag> rule <tag> tcp mss '501-1460' | |||
2022-07-04 | firewall: T4299: Add ability to inverse match country codes | sarthurdev | |
2022-06-14 | firewall: T970: Use set prefix to domain groups | sarthurdev | |
2022-06-14 | firewall: T4147: Use named sets for firewall groups | sarthurdev | |
* Refactor nftables clean-up code * Adds policy route test for using firewall groups | |||
2022-06-10 | Merge pull request #1356 from sarthurdev/nested_groups | Christian Poessinger | |
firewall: T478: Add support for nesting groups | |||
2022-06-10 | firewall: T478: Add support for nesting groups | sarthurdev | |
2022-06-10 | Firewall:T4458: Add ttl match option in firewall | Nicolas Fort | |
2022-06-10 | Merge pull request #1322 from nicolas-fort/T3907-fwall-log | Daniil Baturin | |
Firewall: T3907: add log-level options in firewall | |||
2022-06-10 | smoketest: T970: Add commit after static-host-mapping | Viacheslav Hletenko | |
Staic-host-mapping 'example.com' should be exists before we configure firewall domain-group FOO address example.com | |||
2022-05-28 | firewall: T970: Add firewall group domain-group | Viacheslav Hletenko | |
Domain group allows to filter addresses by domain main Resolved addresses as elements are stored to named "nft set" that used in the nftables rules Also added a dynamic "resolver" systemd daemon vyos-domain-group-resolve.service which starts python script for the domain-group addresses resolving by timeout 300 sec set firewall group domain-group DOMAINS address 'example.com' set firewall group domain-group DOMAINS address 'example.org' set firewall name FOO rule 10 action 'drop' set firewall name FOO rule 10 source group domain-group 'DOMAINS' set interfaces ethernet eth0 firewall local name 'FOO' nft list table ip filter table ip filter { set DOMAINS { type ipv4_addr flags interval elements = { 192.0.2.1, 192.0.2.85, 203.0.113.55, 203.0.113.58 } } chain NAME_FOO { ip saddr @DOMAINS counter packets 0 bytes 0 drop comment "FOO-10" counter packets 0 bytes 0 return comment "FOO default-action accept" } } | |||
2022-05-27 | Firewall: T3907: Revert migration script 6-to-7 and add new 7-to-8 | Nicolas Fort | |
2022-05-11 | Firewall: T3907: add log-level options in firewall | Nicolas Fort | |
2022-05-09 | Merge pull request #1279 from nicolas-fort/T990 | Christian Poessinger | |
Firewall: T990: Add snat and dnat connection status on firewall | |||
2022-04-25 | smoketest: bugfix on proper inheritance levels for classmethod | Christian Poessinger | |
2022-04-23 | Firewall: T990: Modifications for new connection-status cli | Nicolas Fort | |
2022-04-14 | smoketest: firewall: ensure we can also run this test on a live system | Christian Poessinger | |
... by cleaning existing CLI config first | |||
2022-04-11 | Firewall: T990: Add snat and dst connection status on firewall | Nicolas Fort | |
2022-04-08 | Firewall: T990: Add snat and dnat connection status on firewall | Nicolas Fort | |
2022-04-06 | firewall: T4345: Fix incorrect rule limit rate syntax | sarthurdev | |
2022-01-29 | firewall: T4218: Adds a prefix to all user defined chains | sarthurdev | |
2022-01-18 | firewall: T3560: Add support for MAC address groups | sarthurdev | |
2022-01-17 | firewall: policy: T4178: Migrate and refactor tcp flags | sarthurdev | |
* Add support for ECN and CWR flags | |||
2022-01-05 | firewall: zone-policy: T2199: T4130: Fixes for firewall, state-policy and ↵ | sarthurdev | |
zone-policy | |||
2022-01-04 | firewall: T4130: Add state-policy test to firewall smoketest | sarthurdev | |
2021-12-06 | firewall: T2199: Migrate firewall to XML/Python | sarthurdev | |